From 92f05a2f38e6c6bc6c69880358c41ac17bd31298 Mon Sep 17 00:00:00 2001
From: Ulrich Weber
Date: Thu, 3 Jan 2013 00:39:58 +0000
Subject: extension: libip6t_DNAT: allow port DNAT without address correct parsing of IPv6 port NAT without address NAT, assume one colon as port information. Allows: * address only: -j DNAT --to affe::1 -j DNAT --to [affe::1] * port only -j DNAT --to :80 -j DNAT --to :80-110 -j DNAT --to []:80 -j DNAT --to []:80-110 * address and port -j DNAT --to [affe::1]:80 -j DNAT --to [affe::1]:80-110
Signed-off-by: Ulrich Weber
Signed-off-by: Pablo Neira Ayuso
---
 extensions/libip6t_DNAT.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'extensions/libip6t_DNAT.c')
diff --git a/extensions/libip6t_DNAT.c b/extensions/libip6t_DNAT.c
index a5969c36..1bba37e2 100644
--- a/extensions/libip6t_DNAT.c
+++ b/extensions/libip6t_DNAT.c
@@ -54,8 +54,13 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
 xtables_error(RESOURCE_PROBLEM, "strdup");
 start = strchr(arg, '[');
- if (start == NULL)
+ if (start == NULL) {
 start = arg;
+ /* Lets assume one colon is port information. Otherwise its an IPv6 address */
+ colon = strchr(arg, ':');
+ if (colon && strchr(colon+1, ':'))
+ colon = NULL;
+ }
 else {
 start++;
 end = strchr(start, ']');
@@ -105,8 +110,8 @@ parse_to(const char *orig_arg, int portok, struct nf_nat_range *range)
 range->min_proto.tcp.port = htons(port);
 range->max_proto.tcp.port = htons(maxport);
 }
- /* Starts with a colon? No IP info...*/
- if (colon == arg) {
+ /* Starts with colon or [] colon? No IP info...*/
+ if (colon == arg || colon == arg+2) {
 free(arg);
 return;
 }
-- cgit v1.2.3
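Review bot: The comment added in the `start == NULL` branch does not say what happens to an unbracketed address followed by a port. With two or more colons `colon` is reset to NULL, so a string such as `affe::1:80` appears to be taken entirely as an address and no port is set, which an operator may not expect. I would spell the rule out, e.g. `/* No brackets: a single ':' introduces the port; with two or more the whole string is an IPv6 address, so address plus port must be written [addr]:port. */`. The rest of parse_to lies outside the hunk, so the final address parsing is inferred rather than visible.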
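Review bot: The added test `colon == arg+2` checks only where the colon sits, not that the two characters before it are `[]`. In the bracket-less branch added by the first hunk, `colon = strchr(arg, ':')` yields the same pointer for any two-character prefix, so an argument like `ab:80` would apparently be accepted as port-only and the prefix dropped without an error, where a mistyped address should be rejected. Tightening it to `if (colon == arg || (colon == arg+2 && arg[0] == '[' && arg[1] == ']')) {` keeps the `[]:80` form and lets everything else fall through to address parsing. The code between the two hunks is not visible, so this assumes nothing there already rejects such input.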